Microsoft Active Directory (AD) services have become a popular target for attackers, who use AD reconnaissance to discover the users, servers and computers in an enterprise network and then move laterally across the network using this information to carry out multi-stage attacks.

Recently, multiple major advanced persistent threat (APT) campaigns have used AD credentials to move laterally in the network beginning with a single compromised endpoint. This challenge is pervasive, as a large number of enterprises worldwide use AD services to manage their users, applications, and computers.

To counter those threats, Javelin Networks was founded by Red Team post-exploitation experts with a mission to protect every machine in the world connected to Active Directory. They developed software to protect AD and domain resources, including domain controllers, domain identities, and domain credentials. Javelin Networks’ technology can detect AD misconfigurations and backdoors and help prevent AD reconnaissance and credentials misuse by authorized devices and applications.

The Javelin Networks team and its technology is part of Symantec’s endpoint security business. The company was founded in 2014 and has employees based in Israel and the U.S.

“In the cloud generation, identity management services, such as Active Directory, are a critical part of a user’s interaction with their organization’s applications and services. They are also a critical information repository that attackers regularly exploit,” said Javed Hasan, senior vice president of endpoint and data center products, Symantec.

“The addition of Javelin Networks technology to our industry-leading endpoint security portfolio gives Symantec customers a unique advantage in one of the most vulnerable and critical areas of IT infrastructure. Most importantly, it can help expose exploitable backdoors in AD and stop attacks at the point of breach while preventing lateral movement.”

This acquisition further strengthens the endpoint security stack in a single-agent architecture. As one of four critical control points of the company’s Integrated Cyber Defense Platform, Symantec Endpoint Protection (SEP) helps customers meet the challenges of the cloud generation by simplifying and optimizing their environments, helping to lower costs, and improving security.

Over the past two years, Symantec has made investments to bring innovation to its endpoint security portfolio, further enhancing the company’s ability to protect the spectrum of modern endpoints and operating systems (e.g. iOS, Android). Symantec furthered its commitment to endpoint innovation with the acquisition of Appthority.